REMARKS 



In the Office Action, the Examiner indicated that Claims 1-5, 7-17, 19-26, and 28-30 
were rejected under 35 U.S.C. 102(e) as being anticipated by Mukai (U.S. Pub. 
20020178382). In addition. Claims 6, 18, and 27 were rejected under 35 U.S.C. 103 as being 
unpatentable over Mukai. 

Claims 1-3, 5-13, 15-16, 18-25, and 27-35 are pending. Claims 1, 10, and 22 are the 
independent claims. Claims 1, 10, and 22 are not anticipated by, and are patentable over 
Mukai . Paragraph 0250 of Mukai states: 

The security administration server S collects the communication 
packets flowing in the LAN by the following methods. For example, 
regarding commimication packets transmitted and received by the device to be 
monitored C connected to a same hub as the security administration server S, 
they may be directly obtained by the server S itself and the server S directly 
obtains them (however, excluding a case where the hub which the security 
administration server S is connected to has an intelligent function like as a 
switching hub). On the other hand, when the server S itself is connected to a 
switching hub, or regarding communication packets transmitted and received 
by a device to be monitored C which is connected to a hub different from the 
hub the server S is connected to, the server S itself cannot directly obtain 
them. Regarding the communications packets, for example, a program to 
obtain the commvinications packets (communications monitor software) is 
operated at the device to be monitored C side, and with an effect from this 
program, the communication packets accumulated and stored in the device to 
be monitored C are concentrated to the security administration server S at a 
suitable timing via the LAN, to be obtained. 

Thus, Mukai requires the security administration server S to be connected to the same 
hub as the device to be monitored C in a hub network. (See also Mukai, FIG. 10). In 
switched networks, Mukai requires communication monitor software operated at the device 
to be monitored C side where communication packets are accumulated and stored in the 
device to be monitored C side and sent to the security administration server S. Thus, Mukai 
is limited to collecting communication packets only from a predetermined set of devices to be 
monitored. The commimication monitor software must be installed on the devices to be 
monitored. Thus, a predetermined list of devices to be monitored is required. In 
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addition, the list of devices to be monitored requires initial compilation and maintenance for 
Mukai to function. 

In contrast. Applicant captures LAN traffic from a primary network switch. 

Referring to FIG. 1, Applicant states on page 7, lines 9-12 of the specification: 

In one embodiment, NDS 110 is a one rack unit (lU) box with a power plug. 
In such an embodiment, NDS 110 has two 100 Mbps network connection to 
primary switch 106. As shown in FIG. 1, one link is a mirrored uplink, via 
one NDS 1 10 port to collect data from LAN 102. 

In addition. Applicant does not require a list of devices to be monitored. Applicant 
states on page 5, lines 5-1 1, a process for identifying users of networked computers that does 
not require a list of devices to be monitored. Rather, Applicant captures traffic by installmg a 
discovery system apparatus on a primary switch: 

In an embodiment, the present invention is provided to an enterprise as a 
solution for mapping Internet Protocol (IP) addresses to an organization's 
personnel using directory data and the contents of network traffic. First, the 
enterprise's local area network (e.g., Ethemet, FDDI or the like) traffic is 
captured and analyzed by installing a name discovery system apparatus (i.e., 
"NDS" hardware) on the primary switch of the enterprise's local area network 
(LAN). The captured data is cross-correlated with list data to map IP 
addresses to end users. 

As stated above, Mukai monitors at the devices, and thus Mukai can only collect 
communications packets from the subset of devices that have had the communication 
monitoring software installed in advance. Devices without the communication monitoring 
software operate undetected and unmonitored. In contrast. Applicant collects communication 
packets from a primary network switch. Applicant does not require the installation of 
commimication monitoring software on the devices to be monitored. Claim 1 thus includes 
language stating that traffic is monitored through a primary switch. 

Furthermore, Mukai requires a manually entered and maintained list of devices to be 
monitored. Mukai is thus deficient when an entity does not keep a complete and updated list 
of devices, which is a very common occurrence. In contrast. Applicant does not require a 
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predetennined list of devices to be monitored, and thus does not need to maintain such a list. 
Applicant is able to discover this information from the network traffic at the primary switch. 
Thus, for example, if Alan is using a server that is not on the list of devices to be monitored. 
Applicant would still be able to find out which computer Alan was using at a specified time, 
but Mukai would not. 

For the above reasons, independent Claims 1, 10, and 22 are allowable. The 
remaining claims depend, either directly or indirectly on Claims 1, 10, or 22, and are thus 
also allowable. New claims 31, 32, and 33 are supported by, for example, page 13, line 1 1 to 
page 14, line 2; page 14, lines 8-21; and page 6, lines 1-6. New Claims 34 and 35 are similar 
to Claim 9 and are patentable for the same reasons. 

Applicant notes that the Examiner also rejected Claims 6, 18, and 27 for obviousness 
reasons. Applicant notes that because Claims 6, 18, and 27 depend on amended Claims 1,10, 
or 22, these claims are patentable. 

Applicant believes that a full and complete reply has now been made to the Office 
Action and, as such, the present application is in condition for allowance. The Examiner is 
invited to contact the undersigned by telephone should the Examiner believe that personal 
communication will expedite prosecution of this application. 



Respectfully submitted, 



DLA PIPER RUDNICK GRAY CARY U.S. LLP 




Dale Lazar 

Registration No. 28,872 



Lisa K. Norton 
Registration No. 44,977 



PO Box 9271 
Reston, VA 20195-3171 
(703) 773-4149 Telephone 
(703) 773-5064 Facsimile 
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